Cisco 7200 IPsec

To: tech_(_at_)_openbsd_(_dot_)_org

Subject: Cisco 7200 IPsec

From: Kenneth Ingham <ingham_(_at_)_i-pi_(_dot_)_com>

Date: Thu, 23 Oct 2003 12:34:18 -0600

We are trying to set up an IPsec connection with an OpenBSD 3.2
system on our side and a Cisco 7200 on the other side.
We can successfully establish the VPN, and can ping through it.
The problem comes from the fact that their side drops the connection
if it is idle, and the OpenBSD side is keeping it up. They shut
down the tunnel after we had established 1000 security associations
with them. Apparently, their side is not sending the "drop the
connection" message (bad on their part, but we still have to live
with them).
They are unwilling to keep the VPN up when there is no traffic.
The initial traffic comes from our side, so we cannot have them
bring the VPN up.
How can we have a connection brought up and down dynamically?
Kenneth Ingham